API Docs¶
Invenio module that provides SAML integration.
- class invenio_saml.ext.InvenioSSOSAML(app=None)[source]¶
Invenio-SSO-SAML extension.
Extension initialization.
Default handlers¶
Default handlers for SSO-SAML.
- invenio_saml.handlers.acs_handler_factory(remote_app, account_info=<function default_account_info>, account_setup=<function default_account_setup>)[source]¶
Generate ACS handlers with an specific account info and setup functions.
Note
In 90% of the cases the ACS handler is going to be the same, only the way the information is extracted and processed from the IdP will be different.
- Parameters:
remote_app – string representing the name of the identity provider.
account_info –
callable to extract the account information from a dict like object.
mappingskey is required whe using it. This function is expected to return a dictionary similar to this:dict( user=dict( email='federico@example.com', profile=dict(username='federico', full_name='Federico Fernandez'), ), external_id='12345679abcdf', external_method='example', active=True )
Where
external_idis the ID provided by the IdP andexternal_methodis the name of the IdP as in the configuration file (not mandatory but recommended).account_setup – callable to setup the user account with the corresponding IdP account information. Typically this means creating a new row under
UserIdentityand maybe extendingg.identity.
- Returns:
function to be used as ACS handler
- invenio_saml.handlers.default_account_info(attributes, remote_app)[source]¶
Return account info for remote user.
This function uses the mappings configuration variable inside your IdP configuration.
- Parameters:
attributes – (dict) dictionary of data returned by identity provider.
remote_app – (str) Identity provider key.
- Returns:
(dict) A dictionary representing user to create or update.
